lessonly
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the
membranecommand-line interface to interact with external services. It provides instructions for logging in, connecting to Lessonly, and running various actions via the terminal. - [EXTERNAL_DOWNLOADS]: The instructions direct the user to install the
@membranehq/clipackage from the official NPM registry. This is a standard practice for utilizing the vendor's tooling to manage integrations and authentication. - [DATA_EXFILTRATION]: No evidence of unauthorized data exfiltration was found. The skill explicitly encourages using the Membrane platform to handle credentials server-side, avoiding the need for local storage of API keys or tokens.
- [INDIRECT_PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection as it processes natural language descriptions to search for or create actions. It also ingests output from these actions. This is a known risk factor common to integration skills, and behavior is consistent with intended functionality.
Audit Metadata